qakbot | dbbf208efe3b4bb5445f72a07f2cd900e0b8bac7741a5a56dd4cb68234c888f7 | Triage

Sharing

General

Target

QBot_b32d59e9d3a6a24fb2d55a7f3bb8d12d6bd587c3817a7af49b9e40bac6ce8ecc.zip
Size

375KB
Sample

220628-r92x1sbhd5
MD5

45cd1c36ee16848bd490ff773f1a1557
SHA1

359f44bdd7e5277f53a06c71fa395dc8ea501086
SHA256

dbbf208efe3b4bb5445f72a07f2cd900e0b8bac7741a5a56dd4cb68234c888f7
SHA512

1a5dec7944813973f5ce5b36c7719b246c8436a9129e7bc50c2771704466c109b5344d78680ed88b221fb9813295e510e500ef94f8787032d70d11d5264066ad

Score

10^/10

qakbot tr 1643025272 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

tr

Campaign

1643025272

C2

103.143.8.71:6881

37.210.172.200:2222

136.143.11.232:443

190.73.3.148:2222

78.101.147.76:61202

82.152.39.39:443

65.100.174.110:995

65.100.174.110:443

111.125.245.116:995

117.248.109.38:21

31.215.99.178:443

103.142.10.177:443

39.49.110.129:995

86.97.246.244:1194

68.204.7.158:443

217.128.93.27:2222

144.86.28.125:443

94.59.253.222:2222

120.150.218.241:995

185.249.85.209:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  QBot_b32d59e9d3a6a24fb2d55a7f3bb8d12d6bd587c3817a7af49b9e40bac6ce8ecc.bin
- Size
  
  523KB
- MD5
  
  c28c2ae9388448fd54e7d12344c39bea
- SHA1
  
  5ad52bfbc86f40395627e62fa97ff8eaf7158b66
- SHA256
  
  b32d59e9d3a6a24fb2d55a7f3bb8d12d6bd587c3817a7af49b9e40bac6ce8ecc
- SHA512
  
  311445fafe654f981877ee370a3dd85a8ee75beedc496942e7148951fde1bedbf5406b070e9302d91d13a4c9dba05608dfe593fffc50f1120bda0aa9d862c569
Score

10^/10

qakbot tr 1643025272 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1643025272bankerevasionstealertrojan

behavioral2

qakbottr1643025272bankerevasionstealertrojan